A framework for developing alerting and detection strategies for incident response.
created at Dec. 19, 2017, 1:33 a.m.
🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
created at Nov. 18, 2020, 6:48 p.m.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
created at May 30, 2022, 5:28 p.m.
Collection of YARA-L 2.0 sample rules for the Chronicle Detection API
created at Jan. 19, 2021, 9:30 p.m.
Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud
created at Jan. 11, 2022, 9:47 p.m.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
created at July 3, 2022, 1:41 p.m.
✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗
created at July 6, 2023, 5:01 p.m.
A curated list of resources about detecting threats and defending Kubernetes systems.
created at March 4, 2023, 9:20 p.m.
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
created at April 12, 2022, 8:52 a.m.